Authenticating to Other Domains in the Tree

The previous example showed how a user becomes authenticated in her home domain and receives a list of her credentials. In a multidomain environment, users will need to access services in other domains in the forest. In previous versions of NT, this required a complex web of non-transitive trusts that stretched explicitly from every domain that contained users to every domain that contained services. Because Kerberos trusts are transitive, you are no longer required to maintain these explicit trusts. The trust relationships that are automatically created when a child domain is created are sufficient for authentication throughout the forest. In addition, they are mandatory, and therefore cannot be disabled ...
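The difference between the two trust models can be made concrete with a small model. The following is an added example, not code from the book: the domain names are constructed, and it assumes a single domain tree with no extra trusts, where authentication from one domain to another follows the parent-child trusts up to the nearest common ancestor and back down.

```python
# Constructed sample tree: child domain -> parent domain (None marks the tree root).
PARENT = {
    "corp.example": None,
    "emea.corp.example": "corp.example",
    "sales.emea.corp.example": "emea.corp.example",
    "apac.corp.example": "corp.example",
    "dev.apac.corp.example": "apac.corp.example",
}

def chain_to_root(domain):
    """Return [domain, parent, ..., root] by following parent-child trusts."""
    chain = []
    while domain is not None:
        chain.append(domain)
        domain = PARENT[domain]
    return chain

def trust_path(user_domain, service_domain):
    """Domains traversed from the user's domain to the service's domain."""
    up = chain_to_root(user_domain)
    down = chain_to_root(service_domain)
    above_service = set(down)
    # Walk up from the user's domain until reaching a domain that is also
    # an ancestor of (or equal to) the service's domain, then walk down.
    for i, domain in enumerate(up):
        if domain in above_service:
            j = down.index(domain)
            return up[:i + 1] + down[:j][::-1]
    # Only reachable if PARENT is extended to hold more than one tree root.
    raise ValueError("domains do not share a tree root")

def automatic_trusts():
    """Transitive model: one parent-child trust per child domain."""
    return sum(1 for parent in PARENT.values() if parent is not None)

def explicit_one_way_trusts():
    """Non-transitive model, assuming every domain holds both users and
    services: one explicit trust per ordered pair of domains."""
    n = len(PARENT)
    return n * (n - 1)

if __name__ == "__main__":
    print(" -> ".join(trust_path("sales.emea.corp.example", "dev.apac.corp.example")))
    print(automatic_trusts(), "automatic trusts vs", explicit_one_way_trusts(), "explicit")
```

Reviewing the computed path for a given pair of domains shows which intermediate domains sit on the authentication path and therefore must be reachable for cross-domain access to work.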
